Chrome is my Web browser of choice. Why? It arguably is the most secure Web browser currently available. Still, I’m a firm believer that you can’t have too much security. So when third-party developers create extensions that enhance security, I pay attention. Here are some you may want to have a look at.

Note: This article is also available for download as a PDF and PowerPoint presentation.

1: AdBlock

Some may not consider AdBlock a security extension. But I would not surf without it. By blocking ads, AdBlock removes a relatively new attack vector. The bad guys are using what is called Malware Ad Injections to successfully infiltrate accredited Web sites like the New York Times. AdBlock prevents that.

2: Bug Me Not

Bug Me Not is a unique extension. Its purpose is to thwart advertising spam from Web sites that require registering. If a Web site requests information, activate the extension. It will check Bug Me’s database. If registration information is available, Bug Me Not will populate the form, allowing you to continue, yet remain anonymous.

3: FlashBlock

Vulnerabilities in Flash are becoming popular targets for the criminal element. FlashBlock helps by initially blocking all Flash content on a Web page. You then choose to activate individual elements or all Flash content on the page. FlashBlock remembers your decisions, building a whitelist of trusted sites.

4: LastPass

LastPass is an online password manager and form filler. Because it is online, passwords and personal information can be synced across multiple computers. To accomplish that, all transferred data is first encrypted locally, then uploaded to LastPass servers. You can read about other helpful features in my review of LastPass.

5: RoboForm Online

RoboForm Online is another password manager and form filler I want to mention, as LastPass may not be for everyone. TechRepublic writer Tom Olzak wrote a nice review describing all of the available features. It is similar to LastPass in that passwords are encrypted locally, then uploaded to RoboForm servers.

6: SecBrowsing Plug-in Version Checker

If you use extensions, you need SecBrowsing Plug-in Version Checker. Like any software, extensions can have bugs. I recently wrote a post about how the bad guys are leveraging vulnerabilities in extensions. So install SecBrowsing Plug-in Version Checker to make sure you have the latest software.

7: SiteAdvisor

SiteAdvisor is a service that reports on the safety of Web sites. I mentioned it when writing about phishing Web sites. The SiteAdvisor icon (located right of the address bar) advertises the Web site’s rating. You also have the option of not allowing suspicious Web sites to load.

8: Unencrypted Password Warning

Unencrypted Password Warning does exactly what its name says. It also displays a warning if credit card numbers are sent in the clear. This extension is helpful for users who aren’t familiar with HTTPS and what it means. If there is a problem, it opens a window and explains what’s wrong.

9: WOT

Web of Trust (WOT) is another extension that rates the trustworthiness of Web sites. I wanted to include both WOT and SiteAdvisor, as they have differences. Unlike SiteAdvisor, WOT rates search results, which is a nice feature. You have an idea before you proceed to the Web site.

10: Xmarks Bookmarks Sync

Xmarks Bookmarks Sync is not necessarily a security extension, nor is it needed if you use Chrome exclusively. But if you run multiple Web browsers, including Chrome, Firefox, Safari, and Internet Explorer, on different computers, Xmarks will make your life a whole lot easier. It automatically syncs your bookmarks everywhere. A more detailed explanation of the extension is available on the Xmarks site.

Final thoughts

Many of these extensions are just being ported to Chrome and may have issues. So you need to be careful, as the bad guys are focused on extension vulnerabilities.

One final note: LastPass is my favorite extension for many reasons. A new one has just cropped up. You may have heard about tabnapping. Password managers like LastPass remove the problem. The login information is associated only with the correct Web site address.